
  • Consent form


    Answer:

    Our EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ contains a draft consent form that you can use, as well as all the other documents you need to consider for EU GDPR compliance.

    I also suggest you check out our webinar “How to handle consents under GDPR” https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/
  • Application of control A.18.1.1

    The application of control A.18.1.1 (Identification of applicable legislation and contractual requirements) refers only to the identification of the legal requirements that can affect your information security - for example, requirements related to privacy regulation, regulation on e-commerce, etc.
    If a law or contract applicable to your organization has no impact on the information protected by your ISMS scope, you do not need to document it for the purposes of the information security management.
    Regarding the services you provide, if they are not included in your ISMS scope, there is also no need to document it.
  • Clauses 5.1 and 5.3: is it necessary to document them?

    Regarding clause 5.1 of ISO 14001:2015, there is no mandatory documentation to comply with. However, top management must demonstrate its leadership by guaranteeing adequate resources for the EMS, ensuring that the strategic plan is compatible and integrated with the EMS, and complying with continual improvement, among other things.
    For more information see "How to demonstrate leadership according to ISO 14001:2015" (in English): https://advisera.com/14001academy/blog/2015/10/05/how-to-demonstrate-leadership-according-to-iso-140012015/#
    In the case of clause 5.3, there is also no mandatory documentation required by ISO 14001:2015. To meet the requirements of this clause, it is highly recommended that top management assign the necessary responsibility and authority to the different roles so that all EMS requirements can be fulfilled without difficulty and so that top management remains informed about the performance of the system. The assignment can be carried out by preparing and internally communicating complete job descriptions, together with all minutes of the meetings in which the management review and committees take place.
    For more information, see "What are the key roles and responsibilities in the EMS": https://advisera.com/14001academy/blog/2016/11/21/what-are-the-key-roles-and-responsibilities-in-the-ems/
    These materials may also be useful:
    - ISO 14001:2015 Foundations Course: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
    - Book on ISO 14001:2015 (only available in English): https://advisera.com/books/the-iso-14001-2015-companion/
    - Online tool for ISO: https://advisera.com/conformio/
  • Customer requirements


    Answer:

    I worked for several years in a PVC producing company, so I am quite aware that there are PVC grades that are fully interchangeable. My answer is: go and check if your contracts or agreements with customers say anything about the need to inform the customer whenever you change a raw material even if there is no performance change. As a consultant I work with injection molding companies – some have contracts that detail the raw materials to use and any change is a breach of contract; and some have nothing in the contract and can change without communicating to customers.

    The following material will provide you information about ISO 9001:

    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • How to start ISO 13485 implementation project


    Answer:

    Once you have the top management support for the project, you should conduct a gap analysis to determine to what extent your organization is already compliant with ISO 13485 and what needs to be done to achieve full compliance. After determining the gaps, you can define the project plan for the implementation, where you will define the activities, documents to be developed, responsibilities and deadlines.

    Usually, the first step in the project is defining the procedure for document and record control, and then the quality policy. The next step is to identify the processes and resource management. Then you can conduct risk assessment and define controls for the processes.

    Once your processes are set up, you can perform internal audit and management review and you will be ready for the certification audit.
  • EMS objectives and procedure


    Answer:

    No, there is no requirement in ISO 14001 about a mandatory procedure related with EMS objectives and planning to achieve them.

    The following material will provide you information about ISO 14001 mandatory and non-mandatory documentation:

    - ISO 14001 – List of mandatory documents required by ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-mandatory-documents-required-by-iso-140012015/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • Quality Assurance vs Quality Control


    Answer:

    First of all, good luck with your interview.

    Quality Control is about having a specification, having a control plan (what to control, by whom, and when, with what sample size), performing that control plan and ensuring that nonconformities are treated.

    Quality Assurance is much richer: it includes Control but also designing the Control Plan, working with preventive measures such as working with suppliers and training workers, and improving quality by changing procedures, specifications and other items.

    Quality Control is focused on meeting quality requirements. Quality Assurance is focused on giving confidence that quality requirements will be met.

    The following material will provide you information about the risk-based approach:

    - ISO 9001 – How to use quality control tools to improve your QMS - https://advisera.com/9001academy/blog/2017/04/18/how-to-use-quality-control-tools-to-improve-your-qms/
    - Making the best out of ISO 9001 Quality Plan - https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Organizational unit responsible for ISO standards


    Answer:

    First of all, I would like to emphasize that the idea you presented won't work very well because:
    1) It is not natural to create a separate "ISO department" because the best persons to run such projects are e.g. the Chief Information Security Officer for ISO 27001, the Business Continuity Manager for ISO 22301, etc.
    2) The auditors need to be in a separate organizational unit from the personnel that is implementing the standard.

    An exception would be if your company is large one (e.g. more than 10,000 employees) - in such case you could have a "Project management office" where a professional project manager would be in charge of the implementation project, and CISO, BC manager and others would be members of the project team.

    See also:
    - Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/
    - Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
    - ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
  • GDPR Implementation

    The two standards you mentioned only cover a small part of the whole privacy framework, namely the part relating to security, to which art. 32 of the EU GDPR – “Security of processing” (https://advisera.com/eugdpracademy/gdpr/security-of-processing/) refers.

    Unfortunately there are no certifications available as per EU GDPR art. 40 - “Certification” (https://advisera.com/eugdpracademy/gdpr/certification/), so my advice is that you audit the whole program internally, at least until the certifications and codes of conduct become available.
  • Collecting consent


    Answer:

    It really does not matter how consent is collected as long as the consent is a freely given, specific, informed and unambiguous indication of the individual’s wishes. You must ensure you keep records so you can demonstrate that consent has been given by the relevant individual. If you want to collect it via telephone you need to record the conversation as well.

    If you want to find out more about consent you can check out our webinar “How to handle consents under GDPR” https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/